Microsoft was attacked by Russian hackers Midnight Blizzard

Microsoft was attacked by Russian hackers Midnight Blizzard

On January 12, 2024, Microsoft’s security team discovered an attack on its corporate systems. The corporation identified the threat as Midnight Blizzard, a Russian state agent also known as Nobelium.

A response process was immediately activated to investigate, stop the malicious activity, mitigate the attack, and deny the attacker further access. The corporation shared the update, according to the Microsoft blog.

Beginning in late November 2023, an attacker used a password spraying attack to compromise a customer’s legacy non-production test account and gain a foothold. And then used the account’s permissions to access a very small percentage of Microsoft’s corporate email accounts, including members of the senior management team and cybersecurity staff, legal and other functions, and stole some emails and documents.

The investigation indicates that the hacker targeted email accounts associated with Midnight Blizzard itself. Microsoft immediately notified employees whose emails were accessed by the attacker.

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the attacker had any access to client environments, production systems, source code, or AI systems. The Company will notify customers if any action is required.

This attack highlights the risk to all organizations from well-resourced state threats like Midnight Blizzard.

By considering state-sponsored threat actors, Microsoft is changing the balance between security and business risk, because traditional computing simply isn’t enough anymore. For Microsoft, the incident highlighted the urgent need to move forward even faster.

“We will act immediately to apply our current security standards to legacy systems and internal business processes owned by the corporation Microsoft. Neven if these changes may disrupt existing business processes. It will likely cause some disruption while we adapt to this new reality, but it is a necessary step and just the first of several we will take to embrace this philosophy.” – the corporation said.

Microsoft is continuing its investigation and will take additional action based on the findings, as well as continue to cooperate with law enforcement and relevant regulators.

ProIT previously reported that Microsoft has overtaken Apple by market capitalization to become the most valuable company in the world thanks to AI.

Subscribe to ProIT in Telegramso you don’t miss a post!

Related posts